Successful Risk Management Starts Small

 

According to Peter Spier of CMS Wire, businesses should commit to developing organisational risk management processes by starting small and begin this process by identifiying the data that is most important. 

An exerpt from the article states, "According to the Privacy Rights Clearinghouse, 31,110,318 records were breached worldwide in 2011 with 18,739,183 more year-to-date. Given the deep pockets of such high-profile breached organizations as Sony, RSA, Global Payments and LinkedIn, what can your organization do to protect its valuable assets against concerted effort if not human error?"

The article explains that organisations must recognise the levels of data security, balance their risk and business needs, and to effectively communicate and raise awareness of their organisations data classification policy to their employees. 

 

To read more go HERE

[VIA]

StratexSystems "Shaping Your Culture via Risk Appetite" Webinar tomorrow!

 

StratexSystems Webinar 18th October!

'Shaping Your Culture via Risk Appetite' 

Thursday Oct 18th 2012, 4pm-5pm GMT

It is almost time to join our CEO- Andrew Smart's live one-hour webinar, “Shaping Your Culture via Risk Appetite” The webinar begins this Thursday at 4 pm GMT. 

Don’t miss this rare opportunity to hear directly from Andrew Smart, CEO of StratexSystems. 

 

He will briefly explain risk appetite and how it can be linked into the overall strategy and risk management process of an organisation. He will then go on to clarify how Risk Appetite statements work alongside Vision statements; creating the right ‘tone from the top’, and how that can be cascaded through the organisation in the form of Risk Tolerances and KRI's. The webinar will conclude with a demonstration of how to enable and embed change, leveraging your SharePoint investment.

 

To view the webinar, please click the link below which will take you to a registration page. Simply add your name and email into the 'Please Register Now' boxes and you will be sent a personalised link that you can use on Thursday. (We apologise for the 'double' registration process, but we had some technical difficulties for the last webinar and are currently trying to iron them out!)

 

http://w.on24.com/r.htm?e=531492&s=1&k=5FE74D2E75F94585F5F9505E1D3F2F8A

 

Do you know somebody else who should attend? Please send them the same link & they can register for free right now.

 

See you shortly!

MS12-066 - Important Security Hotfix that applies to SharePoint 2010 & MOSS 2007

StratexSystems has been informed by one of Microsoft's Sharepoint Engineers of a new and critical hotfix:

"As you may have noticed this morning , anyone who has WSUS activated on their servers would have been prompted by the security bulletin MS12-066  http://technet.microsoft.com/en-us/security/bulletin/MS12-066 (KB 2741517) This Hotfix applies to SharePoint 2010 and MOSS 2007. It fixes a vulnerability that allows elevation of privileges. 

As the hotfix is critical, it will be installed automaticaly. So, after the installation, it's mandatory to execute PSCONFIG on every single server of the farm  => "psconfig –cmd upgrade –inplace b2b -wait" to complete the update process."

If this post is relevant to your Sharepoint Solution, then we hope that you are able to fix it and continue as normal.

Kind regards,

 

StartexSystems Development Team

StratexStudio Windows 8 App Sneak Preview

We have been hard at work to produce our first Windows 8 App- StratexStudio, which will be available for preview and purchase on the Windows 8 App Store from October 26th onwards. Please find below a few screenshots of our endeavours. Making an App that could work well on both touch-screen Tablets and PC environments was a challenge that our team of developers really enjoyed applying their combined knowledge towards and we are very proud of their outcome. 


 

New Date for 'Integrating Risk Into Your Balanced Scorecard' Thursday Oct 4th 2012

The Stratex Systems Webinar for the 27th of September 2012 has been postponed due to illness of our speaker, Andrew Smart. We apologise for the inconvenience this may cause you and we greatly appreciate your time. We hope that you will be able to attend our amended webinar date this Oct 4th 2012 and become inspired as well as gain valuable knowledge from Andrew. Thank you for your patience and time. More information can be found HERE about our webinars. We hope you all have a lovely weekend. See you next week!

Strategy Maps, Wow I didn’t know SharePoint could do that!

This was the reaction of a senior board advisor who took a little time out of his busy schedule to review the roll-out of the StratexPoint solution at his organisation. As our consultants ‘walked through’ the solution they deployed at the end of rapid, 4 week deployment, the group of senior executives were clearly impressed with the speed that their large, manual spreadsheets had been transformed into a enterprise-wide risk management solution. As our consultants ticked off the high-level requirements of an ERM solution, there was a surprising reaction when we opened with a Strategy Map. "Strategy Maps; Wow I didn’t know SharePoint could do that!" This was the reaction from one senior board advisor. Of course, the Strategy Map was not SharePoint, it is a key dashboard within StratexPoint and StratexLive, and this single dashboard has positioned risk management as a key part of the board level strategy process.

Well done Team.

The Three Key Scorecards within Risk-Based Performance Management

With the Risk-Based Performance Management methodology there are three ‘scorecards’ which we use to visualise strategy and risk management data and inform the management conversation and decision-making. The three scorecards are:

  • Performance Scorecard
  • Risk Scorecard
  • Control Scorecard

Each of the Scorecards have a similar structure but different content. The basic structure of the scorecards show the main item, the accountability for the item and related indicators. This means that for the Performance Scorecard we would present the Organisations (or Business Unit) Objectives, the Accountable person for each Objective, Appetite Alignment status, Aggregated Objective Score (based on the underlying KPIs), Key Performance Indicators (KPIs), and KPI score.

The Performance Scorecard is designed to enable a management team to focus on the performance of the Organisation with each of the Accountable people speaking to their Objectives. Typically the Performance Scorecard is used in conjunction with the Strategy Map providing an additional level of detail.

image

An example of a Performance Scorecard  from StratexSystems.

The Risk Scorecard would include the Organisations Key Risk, the Accountable person for each Risk, Appetite Alignment status, Aggregated Risk Score (based on underlying KRIs), Key Risk Assessment data, Current Risk Exposure (in currency value), Key Risk Indicators (KRIs) and KRI score. The Risk Scorecard is designed to enable a management team to focus on the organisation’s risk profile. It enables the management team to review the Risk Appetite Alignment, -are we operating within appetite or are we outside? It provides risk assessment data and exposure values alongside KRI status data so current risk taking can be discussed as can any emerging trends shown up from the indicators. It also highlights any mixed messages that might be coming from the risk assessment results and the indicator data. Naturally they should be giving the same message but often, particularly in less mature risk management environment, they can be different which can highlight the need for further work to embed the process and develop the knowledge, skills and culture. Again, each of the Accountable people should be in the room and around the table and speak to, and lead the discussion around their risks.

image

An example of a Risk Scorecard  from StratexSystems.

The Control Scorecard would include the Organisation's Key Controls, the Accountable person for each Control, Aggregated Control Score (based on the underlying KCIs), Key Control Assessment data, Key Control Indicator data and KCI score. Like the previous two scorecards, the Control Scorecard brings focus to, and informs the management conversation and decision-making, in this case around the controls environment and effectiveness within the organisation.  Again, each Accountable should lead the discussion about their controls.

 

image

An example of a Control Scorecard  from StratexSystems.

Each of the three scorecards above have an important role in, informing the management conversation and decision-making around strategy execution and risk management. Individually, they ‘speak’ to and  align each of the three lines of defence. The Performance Scorecard would be the primary tool for the First line, the Risk Scorecard would be the primary tool for the second line and the Control Scorecard would be the primary tool for the Third line. However each of the three lines are going to draw information and insights from each of the Scorecard’s and they will help reduce the silos that can be so problematic between the lines.

A key benefit of the Risk-Based Performance Management methodology is that it provides an overarching framework to bring together and align the organisation so that the strategy is delivered, sustainably and within appetite.

Why is a Strategy Map an important part of your risk management approach

The Strategy map is one of the most important tools developed by Kaplan and Norton as part of their Balanced Scorecard approach. It is designed to provide a relatively simple way of distilling strategy into a collection of objectives and showing the causal relationships between objectives.

The Strategy map provides a tool for explaining and demonstrating how intangible assets, such as people, information systems, culture, processes etc, create customer outcomes and ultimately deliver tangible financial benefits for shareholders. A well constructed Strategy map should be

Read More

The Failure of the Royal Bank of Scotland: Strategy and Risk Appetite

In March 2000, The Royal Bank of Scotland (RBS) acquired the UK-bank NatWest in a £21 billion deal that was then the largest take-over in British banking history. The acquisition was considered at the time to be a masterstroke of strategy and execution. Thus began a ‘golden period’ in RBS’s near 300 year history. RBS embarked on an ambitious strategy to transition from a regional to global financial services firm and one that drove aggressive revenue growth. RBS’s stock price grew and performed well in the early years of the 2000s and by 2007 the now global financial player was viewed by most analysts as a highly successful bank. For instance:

  • From 1997 to 2007 Earnings per share (EPS) had grown from about 50p to close to 250p
  • In 2007 RBS reported a record group operating profit of £10.3bn (£7.7bn after tax)
  • RBS increased its assets by a multiple of 29 between 1998 and 2008 (assets grew by an average of 41% per year)
  • It moved from outside the top 20 global banks by market capitalization prior to its acquisition of NatWest to ninth in the world by 2007

Then the Credit Crunch and disaster: RBS essentially failed in October 2008. To prevent collapse the UK Government injected

Read More